Windows Offline Files have a bad reputation. Many an administrator can tell a story where Offline Files caused issues that sometimes even required a reinstallation of the affected PC. But Microsoft has gradually improved the functionality and ironed out many of the bugs. Today – in Windows 7 SP1 with all post-SP1 fixes – Offline Files is a technology that still has its problems, but can be used in production – if you are adventurous. This article lists the gotchas I am aware of.

Please note: Although this article originally targeted Windows 7, most if not all of its content applies to Windows 8, too.

Documentation

If you want to know what is really going on under the hood, you are mostly on your own. The documentation Microsoft provides is not detailed enough to implement Offline Files in larger production environments. Nor does it help much if things do not work the way you think they should be working.

Configuration

Caution: Most settings do not apply to Windows 7, but to older operating systems. In the computer part, only 10 out of the 28 settings are relevant to Windows 7. In the user part only 2 out of 15.

Tip: Set a filter in Group Policy Management Console that only includes settings for Windows 7.

Logging

Offline Files messages are logged to a well-hidden part of the event log only: Application and Services Logs -> Microsoft -> Windows -> OfflineFiles. By default, only an Operational log is there, but if you enable Show Analytic and Debug Logs in View menu, you also get logs called Analytic, Debug and SyncLog. Each of those can be (and has to be) enabled separately. Out of these logs, SyncLog is the most interesting. In it you can find one entry per synchronized file. Analytic and Debug have always been empty during my tests.

Readability of the logs generated by Offline Files is generally bad. Many messages are cryptic and difficult to interpret.

Architecture

Modes: Online, Slow Link and Offline

Offline Files have four modes of operation:

Online

Slow link

Auto offline

Manual offline

Offline Files transition between the three modes online, slow link and auto offline depending on connection speed. The user can always override the automatic mode selection by manually switching to manual offline mode.

To determine the connection speed two pings with default packet size are sent to the file server. If the average round-trip time is below 80 ms (Windows 7) or 35 ms (Windows 8), the connection is put into online mode, otherwise into slow link mode. The latency value of 35/80 ms is configurable through the Group Policy setting Configure slow-link mode.

Initial & Logon Synchronization

When a user first logs on to a computer, initial synchronization occurs in the background. Once the initial synchronization has completed, the offline files icon in the notification area of the system tray is displayed:

Once initial synchronization has completed, logon synchronization is attempted 5 minutes after every logon. The default delay of 5 minutes can be changed by setting the following registry value:

Reads, Writes and Synchronization

In online mode, changes to files are made on the file server as well as in the local cache (this induces a performance hit – see this article for details). Reads are satisfied from the local cache (if in sync).

In slow link mode, changes to files are made in the local cache. The local cache is background-synchronized with the file server every 6 hours (Windows 7) or 2 hours (Windows 8), by default. This can be changed through the Group Policy setting Configure Background Sync.

In auto offline mode, all reads and writes go to the local cache. No synchronization occurs.

In manual offline mode, all reads and writes go to the local cache. No synchronization occurs by default, but background synchronization can be enabled through the Group Policy setting Configure Background Sync.

Permissions

Offline Files do not require any special permissions on the file server. The permissions listed in MS KB2512089 are, at best, misleading. Specifically, Everyone, Local System and Creator Owner need not be granted permissions, neither on the share nor in the file system.

Microsoft recommends, however, to only use Offline Files for paths where only one user has write access in order to prevent synchronization conflicts that invariably arise if multiple users can edit different copies of a document at the same time. The only valid multi-user scenario would be a read-only directory used to push out things like static documentation to the users.

Permissions are synchronized to the offline cache, too. If a user has read access on the file server, he has read access in offline mode – nothing more.

Cache size management

Files that were cached automatically are removed on a least-recently used basis if the maximum cache size is reached.

Files that were cached manually are never removed from the local cache. When the total local cache size limit is reached and all files that were cached automatically have already been removed, you can not make files available offline until you specify a new limit or delete files from the local cache by using the Offline Files control panel applet.

The default limit for the Offline Files cache size is 25% of the total disk space of the drive where the Offline Files cache is located (typically C:\Windows\CSC). The cache size can be configured through the Group Policy setting Limit disk space used by Offline Files.

Encryption

The Offline Files cache can be encrypted using EFS. If enabled, EFS encrypts the files on a per-user basis. If a user does not already have an EFS certificate, a new one will be generated on the fly.

Caution: when a user’s password is reset, the EFS key is discarded and cached Offline Files become invalid: files that have not been synchronized yet are lost. Everything else needs to be re-downloaded.

Recommendations

Network Share Configuration

Availability of Offline Files can be controlled via caching options of network shares. Make sure that the Offline settings of the share are not configured to disable Offline Files.

Bad: No files or folders from the shared folder are available offline

Good: Only the files and folders that users specify are available offline

Use with caution: All files and programs that users open from the share are automatically available offline

Optimize for performance has no effect on computers running Vista or newer

If you are using DFS, make sure that the DFS root shares are configured correctly, too.

Software Versions

By all means, use the latest version of Windows and install every patch related to networking and Offline Files you can get your hands on. Microsoft releases new patches for Offline Files regularly. Monitor the KB for new articles and subscribe to this blog’s feed: blogs.technet.com/b/yongrhee.

If you have very long logon times in conjunction with folder redirection it might be due to a bug that is described in the Microsoft Knowledge Base article 2525332 (You encounter a long logon time after you enable the “Do not automatically make redirected folders available offline” Group Policy setting in Windows 7 or in Windows Server 2008 R2). Install the patch that is available on the article’s web page and the problem should go away.

Notes: The actual value of the FormatDatabase value is ignored. Reinitialization requires a restart. When the computer is restarting, the system will re-initialize the CSC and then delete the FormatDatabase value.

Warning: All files in the cache are deleted and unsynchronized data is lost.

Design Flaws

DFS

When transitioning to an offline state, Offline Files always transitions entire path trees. This is especially bad if DFS is used, since it means that if \\domain.com\dfs\homes\user1 is detected as being offline, the entire tree below \\domain.com\dfs goes offline. To work around that, configure a slow-link policy with values similar to the following:

\\domain.com\dfs: Latency=32000

\\domain.com\dfs\homes: Latency=60

More information on this configuration can be found on the AskDS blog.

Initial Synchronization

There is no visual feedback that indicates whether initial synchronization has completed. When a user gets a new laptop, there is no simple way for him to determine if all his data has been synchronized to the local disk. Only if manually initiating a synchronization via Sync Center one can be sure that everything is available locally.

Offline Transition and File Server Load

The only criterion used to determine the state of a network path is the connection speed (which is measured by sending two pings). There are cases, however, where a file server is so heavily loaded that it practically ceases serving files, all the while still answering pings quickly. In such a situation Offline Files remain in online mode. As a consequence the files on the network path are inaccessible even though they could be served from the offline cache.

Tools

Robocache

This tool needs still needs some polishing, but it looks promising. It can automate most administrative tasks related to Offline Files. This is the list of its capabilites:

info – display status info about the target(s)

pin – assure offline availability

unpin – unpin the target(s)

sync – synchronize cached files with remote files

rename – rename cached item

delete – delete cached item

suspend – suspend the target folders

unsuspend – unsuspend the target folders

online – transition to online state

offline – transition to offline state

enable – enable offline files cache

disable – disable offline files cache

encrypt – encrypts offline files cache

decrypt – decrypts offline files cache

Robocache is available as Shareware here. The author describes his tool in his blog.

Just one question regarding one of your recommendations to do with redirected folders and offline files. You say “If a user’s entire home directory is available offline and folders are redirected from the user profile to subfolders of the home directory, disable the setting in the folder redirection policy that automatically makes redirected folders available offline. Otherwise, the redirected folders would be available offline “twice”, which might confuse the operating system.”
The setting I’m seeing in Group Policy under User >>policies >> Administrative Templates >> Folder Redirection is “do not automatically make redirected folders offline”. Just to clarify are you suggesting disabling this setting or do you mean enabling this setting?

Hello,
Good information!
We are struggling at this time with a user that has offline folders. They work fine.
When he connects to our network over VPN (Aventail), he is not able to access the data which is NOT in the offline folders. That data is on the same share as the offline folders. Shares/drive letters that do not contain any offline folders are accessible without problems. We have tried and tested different scenario’s, but we can not put our finger on the problem.
Any thoughts?

I had a simular issue with a user and it turned out he wasn’t clicking the offline/online button in the top rigth of the open ‘my computer’ (or share) window. Because he was offline and then VPN’d the OS was still working from an offline POV. Even though he had VPN’d, the offline files were still in offline mode. When he changed to online (via the toggle) he was able to see all folders.

Hello Pauly,
Thank you so much for your reply: it is the question to our problem also! I must admit we from IT also had a look on it, and didn’t figure out that clicking the button is the solution. After all it is a bit strange, as mapped network drives where the user does not have any offline folders show up immediately after connecting to the VPN, without changing anything.
Thanks again,
Kris

Can you provide further clarification about your comments regarding MS KB2512089? If the listed permissions are not needed, why does Microsoft say they are the “Minimum Permissions Required” to resolve the issue described in MS KB2512089?

i’m wondering if transparent caching will work even if “offline use” is disabled for the share at the server side?
since transparent caching only works while connected and thus it is not an actual offline use.
e.g., can remote users benefit from the caching feature for shares that are not intended to be used offline?

Question about the “Configure slow link mode” policy for DFS namespace folders and subfolders with wildcards.
With a normal share you can use Value Name=”\\server\share\*”
Can you do this also with a DFS namespace or do I have to put every subfolder in the policy.
Example:
\\DFSdomainname\rootname = 32000
\\DFSdomainname\rootname\*” = 20

Can some please confirm what the offline caching setting should be set to for the underlying folder acting as the DFSRoot on the DFS server?
For example:
– I have a Domain namespace of “\\Company.Local\Private”
– The corresponding folder on the DFS server is “D:\DFSRoots\PRIVATE” which is obviously shared.
– The default Caching/Offline option is set to “Only the files and programs that users specify are available offline”
Is this correct or should this be changed to “No files or programs***** available offline”

For your info:
The target folders under “\\Company.Local\Private” i.e. “\\Company.Local\Private\Homes” point to a share on a file server. That file servers share is set to “Only the files and programs that users specify are available offline”

You won’t get a 100% correct answer to this question even from Microsoft support (I have tried…). So, better be safe than sorry and enable the “correct” offline file caching setting even on the DFS share. In other words:
“only the files and programs that users specify are available offline” for every file share Offline Files could ever come in contact with.

I’ve implemented the DFS 32000 ms Latency suggested in this article since my users were losing access to ALL DFS shares if they experienced any latency greater than the default 80 ms.

It seams to be working, but I’m curious if either of you know how/where in the registry to confirm that this setting is being applied on the local users machine after receiving the changes via GPO (Running Windows 7 Pro and Server 2008 R2)

Besides looking online for an answer, I’ve checked the following locations on the users machine:
1. HKLM\Software\Microsoft\Windows\CurrentVersion\NetCache (and any sub keys)
2. HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy (and any sub keys)
3. I searched the entire registry for the latency value of “320000”

Came across your site after a lot of searching, have this issue below with a user offline folder any suggestions.
The problem is the offline files for his U / Home drive do not sync properly. There is a GPO in place which auto maps the shared drives, folder redirection and a few other things.

If you open his my documents which points to the U drive it lists all the folders but there are no files. If you go to the mapped drive the exact same thing happens. If you use start/run and go the server drive the files list fine and all data is there. So the mapped drives don’t work nor do the offline folders only a direct mapping.

The permissions on the files don’t seem to be correct and you are unable to copy the data to his machine.

At the moment the GPO is unlinked and user is using his files saved directly to his pc. This is not safe because if he makes major changes and something happens to the laptop we have an issue.

Thanks for taking the time to write this it has been useful. I have been struggling with a silmilar problem to Darren. The root cause is the structure of the share on the server.

It is in the form \\Server\Users$\%username%

At the level \User$ on the server the users only have the right to list and traverse the folder structure. because they do not have the right to read at the root of the structure offline files will not cache. you can not switch off make available offline or force a sync. Adding Read to the user rights fixes all these problems. But now all users personal folders are visible.

Any suggestions on the correct way to set permissions for home folders to use with offline folders? The option to share each home folder is so NT4.0 please someone have something better.

Great article Helge. One thing I still can’t get my head around: Offline files are configured in Computer policies, but access to the Sync Centre in control panel is configured at User policy. So how to give only users who have offline files configured, access to the Sync Centre?

I have random users going offline when trying to access a DFS share that is not enabled for Offline use. It all started when we started doing folder redirection for all our users for their Desktop and Documents.

Folder redirection is accessed via the server name – \\Users\UserFolderRedirection\. The network file shares is published via DFS – \\mydomain.com\files. We started tinkering with GPO’s and here are my settings –

I work at a company where the support group has enabled offline files for a lot of users since the dawn of time on both xp computers and 7. When migrating to new file servers on several locations, offline files was not handled properly and the pc’s would continue to think that the server is offline and let the user work on cached files indefinitely. Managing all this is still a nightmare with dead pc’s, corrupt offline files cache and strange things happening all over.

I would like to turn off the offline files feature everywhere, internet access everywhere has diminished the usefulness of this feature. However, I am concerned about data loss for people working from their offline files cache. What happens if I turn off offline files?
* Will the offline files cached files disappear from the client?
* Will it sync back any files changed on the client to the server when people who has been out of office returns?
* Any caveats?

What is the best way of disabling offline files?
* So far I have been using cscfix.vbs / csccmd.exe (7/xp versions) to handle server migrations, but it can also turn off the feature
* Group Policy? I am hoping Group Policy is the best way to go, but it depends on my question regarding data loss.
* Manually stopping offline files on the client and disabling the service
* Shared folders? Why is it “bad” to turn it off from here?
>Availability of Offline Files can be controlled via caching options of network shares. Make sure that the Offline settings of the share are not configured to disable Offline Files.
>Bad: No files or folders from the shared folder are available offline

I know I need to do some more testing, but I would love some feedback before my hair turns completely grey..Thanks! :)

Changing the Offline Files target is indeed something that does not go down well at all. Using DFS namespaces to hide the real server name is very useful.

However, I can understand why you want to migrate away from Offline Files. Turning OF off is the simpler part (I would do it through Group Policy). Ensuring that no data is lost is much more difficult. Imagine a user is working with data in the OF cache without even realizing it. When you turn off that cache, the data is inaccessible (though not deleted, if I am not mistaken – you would have to delete the cache separately).

I am afraid that if you want to guarantee that no data is lost you will have to write a script that performs a sync and only when that is successful turns OF off. Of course instead of synchronizing to the file server – which may be slow or not work at all, depending on the state of OF – you could just copy the data to another location on the local hard drive.

“Caution: when a user’s ****password**** is reset, the EFS key is discarded and cached Offline Files become invalid: files that have not been synchronized yet are lost. Everything else needs to be re-downloaded.”

Thanks for the information, it has been useful. I am planning a migration of my file server to a new server and use DFS. The old file server does utilize offline files. Any documentation you may have on a migration process (based on the issue Ole Kristian is experiencing)? I have been reluctant to “pull the trigger” on this project because of the potential for data loss.

With OF disabled (like VDI environments), the content is (stupidly) copied from the \\shared\oldusername\… to \\shared\newusername\… but if Offline Files is enabled, this process could take days or not be completed.

Let me say that I’ve been implemented Folder Redirection + Offline Files + UE-V for the University I work and as you said, there are some critical mistakes and misinformation in the documentation I’ve found from MS.

This half-baked MS solution has also some remarkable design flaws in addition to what you mentioned: renaming users or deprovisioning process create very time consuming problems too because it didn’t work as expected…

Another BIG issue is that MS doesn’t provide neither, a comprehensive testing procedure nor process diagrams to provision, deprovision and renaming of users and computers…

All these issues caused a deployment delay longer than expected for our team.

Now we are trying to minimize the issues on renamed users who log on machines with OF enabled (typically laptops or desktops)

Windows Offline files seems to detect a Slow Link transition pretty quickly and changes to Offline mode, but it seems rather slow detecting when the Slow Link transitions back to a Fast Link – is there any way to reduce the Slow/Fast Link Detection checking interval as I can’t find a Registry Key that controls this?

ie, if you pull the network, the machine pretty quickly switches to offline mode, but when you re-insert the network it seems to take 2 minutes to detect the re-connection before it switches to online mode.

I would very much like to reduce this 2 minute interval to something more like 15 to 30 seconds – can this be done?

Are you aware of any way to query for any offline files sync errors? We need to disable Offline Files across 10,000+ desktop PCs but if any machines have existing sync errors and we just turn it off via GPO data will be lost…